Satisfying Information Protection Goals

At SecCompany, Inc, the manager in charge of Information Protection makes use of all possible channels to communicate labeling requirements. However, some employees do not understand the requirements. Other employees forget about requirements or ignore the requirements. Even when labels are properly applied, the information is not always properly handled, stored, and distributed. For example, reports indicate that even Registered information is sometimes found unattended. Copies of Registered information have been left next to copy machines and printers, in break rooms, or in lobbies.

The legal department wants a better way to ensure that information is properly labeled without relying totally on employee compliance. The system administrators want a better way to control the following:

• Who can see or modify sensitive information

• Which information is printed on which printers

• How printer output is handled

• How email at various levels of security is distributed internally and externally